
How do Texas startups comply with GDPR?

Even if your startup is in Houston or Dallas, it may need to comply with GDPR under certain circumstances. Here’s what to do.

  1. Figure out if GDPR applies to your company

  2. Figure out which role you play under GDPR

    You’re a controller if you decide the purposes and means of processing. You’re a processor if you—wait for it—process personal data. Keep in mind that it is possible to be both a controller and a processor.

  3. Adopt GDPR principles

    You must abide by these principles under GDPR: that data is processed lawfully and fairly, that there’s a purpose limitation, that data is not excessively collected (minimization), that the data is accurate, that you implement storage limitation, and that processing is done confidentially and with integrity.

  4. Figure out the purpose and basis for processing

  5. Implement technical and organizational safeguards

    Your startup needs to be properly capable and beefed up to handle data/data processing.

  6. Make appointments under GDPR

    You may have to assign a Data Processing Officer if you regularly process data or if you handle sensitive data; also assign a representative (similar to a corporate registered agent for business filings but in the EU for data protection purposes).

  7. Allow data subjects to exercise their rights

    Under GDPR data subjects have certain rights to their data. Make sure you allow them to exercise these rights. Remember that some rights will be unavailable depending on the basis used for processing.

  8. Make sure contracts, privacy policy, etc. are properly in place

    There are relationships you’ll need to tend to—between the data subject, controller, and processor. See here for what you need in those documents.

  9. Maintain good records

    Depending on the size of your organization you may need to keep good records of processing activities. It’s a smart idea to keep records regardless.

  10. Report if you have any breaches or if there are other issues

    You have a duty to report breaches and other issues under GDPR.

    Don’t relax immediately though. You may also have to report to individuals in different states as well.

  11. Review this article to make sure your understanding is well-rounded

    Remember—bits and pieces of information are largely useless. Make sure you have a good organized understanding of all of this. Read this article for an overview of GDPR.